Abstract

We define a simply typed, non-deterministic lambda-calculus where isomorphic 
types are equated. To this end, an equivalence relation is settled at the term 
level. We then provide a proof of strong normalisation modulo equivalence. 
Such a proof is a non-trivial adaptation of the reducibility method. 

Keywords: typed lambda calculus, normalisation, type isomorphisms, 
deduction modulo 



1. Introduction 

The starting point of this work was to understand and formalize the
non-determinism of quantum programming languages [3, 4]. Unlike other calculi,
which contain a non-deterministic operator $|$, such that $r \mid t$ reduces both
to $r$ and to $t$, possibly with some probabilities, the non-determinism of quantum
programming languages comes from the interaction of two operators. The first
allows one to build a superposition, that is a linear combination, of two terms
$\alpha.r + \beta.t$, reflecting that a system may be in more than one state at a
time. The second is a measurement operator $\pi$, reflecting that, during
measurement, the state of such a system is reduced.

The non-determinism arises from the combination of these two constructions,
as the term $\pi(\alpha.r + \beta.t)$ reduces to $r$ and to $t$ with probabilities
$|\alpha|^2$ and $|\beta|^2$. Leaving probabilities aside, the non-determinism, in
quantum programming languages, comes from the combination of the operators $+$
and $\pi$, as the term $\pi(r + t)$ reduces to $r$ and to $t$. In other words, the
primitive operator $|$ of non-deterministic languages is decomposed into two
operators, and $r \mid t$ can be seen as an abbreviation for $\pi(r + t)$.

The rules

$$\pi(r + t) \longrightarrow r$$
$$\pi(r + t) \longrightarrow t$$

are reminiscent of the rules for pairing constructs

$$\pi_1(r, t) \longrightarrow r$$
$$\pi_2(r, t) \longrightarrow t$$

and it is therefore tempting to consider the term $r + t$ as the pair $(r, t)$ and
$\pi$ as a projection, that projects the pair $(r, t)$ to $r$ and to $t$.

As, in quantum programming languages, unlike with the usual pairing construct,
the places in the pair are immaterial, and the superposed states $r + t$ and
$t + r$ are identical, it is compelling to consider the pairs $r + t$ and $t + r$
as identical and therefore the types $A \wedge B$ and $B \wedge A$ as identical.

In typed $\lambda$-calculus, the types $A \wedge B$ and $B \wedge A$ are known to be
isomorphic, thus our goal to understand the non-determinism of quantum
programming languages led us to consider quantum programming languages as typed
lambda-calculi where isomorphic types are identified, thus pairs unordered,
hence projection non-deterministic.

In typed $\lambda$-calculus, in programming languages, and in proof theory, two
types $A$ and $B$ are said to be isomorphic when there exist two functions $\phi$
from $A$ to $B$ and $\psi$ from $B$ to $A$ such that $\psi\phi r = r$ for all terms
$r$ of type $A$ and $\phi\psi s = s$ for all terms $s$ of type $B$.

Isomorphic types are often identified in informal mathematics. For instance,
the natural numbers and non-negative integers are never distinguished, although
they formally are different structures. In Martin-Löf's type theory [23], in the
Calculus of Constructions [9], and in Deduction modulo [17, 19], some isomorphic
types, called definitionally equivalent types, for instance $x \subseteq y$,
$x \in \mathcal{P}(y)$, and $\forall z\,(z \in x \Rightarrow z \in y)$, are
identified, but definitional equality does not handle all the isomorphisms and,
for example, $A \wedge B$ and $B \wedge A$ are not identified: a term of type
$A \wedge B$ does not have type $B \wedge A$.

It has already been noticed that not identifying such types has many drawbacks.
For instance, if a library contains a proof of $B \wedge A$, a request on a proof
of $A \wedge B$ fails to find it [26]; if $r$ and $s$ are proofs of
$(A \wedge B) \Rightarrow C$ and $B \wedge A$ respectively, it is not possible to
apply $r$ to $s$ to get a proof of $C$, but we need to explicitly apply a function
of type $(B \wedge A) \Rightarrow (A \wedge B)$ to $s$ before we can apply $r$ to
this term. If $A$ and $B$ are isomorphic types and a library contains a proof of a
property on $A$, we cannot use this property on $B$ without any extra
transformation, etc. This has led to several projects aiming at identifying in
one way or another isomorphic types in type theory, for instance with the
univalence axiom [27].

In [7], Bruce, Di Cosmo and Longo have provided a characterisation of isomorphic
types in the simply typed $\lambda$-calculus extended with products and a unit
type (see [13] for a concise overview on type isomorphisms, or [12] for a more
comprehensive reference). In this work, we define a simply typed
$\lambda$-calculus extended with products, where all the isomorphic types are
identified, and we prove strong normalisation for this calculus. All the
isomorphisms in such a setting are consequences of the following four:

$$A \wedge B \equiv B \wedge A \qquad (1)$$

$$A \wedge (B \wedge C) \equiv (A \wedge B) \wedge C \qquad (2)$$

$$A \Rightarrow (B \wedge C) \equiv (A \Rightarrow B) \wedge (A \Rightarrow C) \qquad (3)$$

$$(A \wedge B) \Rightarrow C \equiv A \Rightarrow B \Rightarrow C \qquad (4)$$

For example, $A \Rightarrow B \Rightarrow C \equiv B \Rightarrow A \Rightarrow C$ is
a consequence of (4) and (1).

Identifying types requires to also identify terms. For instance, if $r$ is a
closed term of type $A$, then $\lambda x^A.x$ is a term of type $A \Rightarrow A$,
and $\langle \lambda x^A.x, \lambda x^A.x \rangle$ is a term of type
$(A \Rightarrow A) \wedge (A \Rightarrow A)$, hence, by isomorphism (3), also a
term of type $A \Rightarrow (A \wedge A)$. Thus the term
$\langle \lambda x^A.x, \lambda x^A.x \rangle r$ is a term of type $A \wedge A$.
Although this term contains no redex, we do not want to consider it as normal,
in particular because it is not an introduction. So we shall distribute the
application over the pair, yielding the term
$\langle (\lambda x^A.x)r, (\lambda x^A.x)r \rangle$ that finally reduces to
$\langle r, r \rangle$. Similar considerations lead to the introduction of several
equivalence rules on terms: one related to the isomorphism (1), the
commutativity of the conjunction,
$\langle r, s \rangle \rightleftarrows \langle s, r \rangle$; one related to the
isomorphism (2), the associativity of the conjunction,
$\langle \langle r, s \rangle, t \rangle \rightleftarrows \langle r, \langle s, t \rangle \rangle$;
four to the isomorphism (3), the distributivity of implication with respect to
conjunction, e.g. $\langle r, s \rangle t \rightleftarrows \langle rt, st \rangle$;
and one related to the isomorphism (4), the currification,
$rst \rightleftarrows r\langle s, t \rangle$. As our comma is associative and
commutative, and because it can be identified with a non-deterministic operator,
we will write it $+$. For instance, the equivalence due to the associativity of
conjunction is rewritten $(r + s) + t \rightleftarrows r + (s + t)$.

One of the main difficulties in the design of this calculus is the design of the
elimination rule for the conjunction. A rule like "if $r : A \wedge B$ then
$\pi_1(r) : A$" would not be consistent. Indeed, if $A$ and $B$ are two arbitrary
types, $s$ a term of type $A$ and $t$ a term of type $B$, then $s + t$ has both
types $A \wedge B$ and $B \wedge A$, thus $\pi_1(s + t)$ would have both type $A$
and type $B$. The approach we have followed is to consider explicitly typed
(Church style) terms, and parametrise the projection by the type: if
$r : A \wedge B$ then $\pi_A(r) : A$ and the reduction rule is then that
$\pi_A(s + t)$ reduces to $s$ if $s$ has type $A$.

Hence, this rule introduces the expected non-determinism. Indeed, in the
particular case where $A$ happens to be equal to $B$, then both $s$ and $t$ have
type $A$ and $\pi_A(s + t)$ reduces both to $s$ and to $t$. Notice that although
this reduction rule is non-deterministic, it preserves typing. This can be
summarised by the slogan "the subject reduction property is more important than
the uniqueness of results" [18].

Thus, our calculus is one of the many non-deterministic calculi in the sense
of [6, 8, 10, 11, 24] and our pair-construction operator $+$ is also the parallel
composition operator of a non-deterministic calculus.

In non-deterministic calculi, the parallel composition is such that if $r$ and
$s$ are two $\lambda$-terms, the term $r + s$ represents the computation that runs
either $r$ or $s$ non-deterministically, that is such that $(r + s)t$ reduces
either to $rt$ or $st$. In our case, $\pi_B((r + s)t)$ is equivalent to
$\pi_B(rt + st)$, which reduces to $rt$ or $st$.

The calculus developed in this paper is also related to the algebraic calculi [1,
2], some of which have been designed to express quantum algorithms. In this
case, the pair $s + t$ is not interpreted as a non-deterministic choice but as a
superposition of two processes running $s$ and $t$. In this case the projection
$\pi$ is the projection related to the projective measurement, that is the only
non-deterministic operation. In such calculi, the distributivity rule
$(r + s)t \rightleftarrows rt + st$ is seen as the pointwise definition of the sum
of two functions.

The main difficulty in the normalisation proof seems to be related to the
fact that our equivalence relation is "confusing", that is, it equates types with
different main connectives such as the isomorphism (3). In [19], for instance,
only the case of "non confusing" equivalence relations is considered: if two
non atomic types are equivalent, they have the same head symbol and their
arguments are equivalent. It is clear however that this restriction needs to be
dropped if we want to identify, for instance, $A \Rightarrow (B \wedge C)$ and
$(A \Rightarrow B) \wedge (A \Rightarrow C)$.

Summarising, this paper is the result of three motivations relatively indepen- 
dent: to formalise non-deterministic calculi, to integrate the type isomorphisms 
to the language, and to understand how much we can extend the deduction 
modulo techniques. 



2. The Calculus 

2.1. Formal Definition 

In this section we present the calculus. We consider the following grammar
of types, with one atomic type $\tau$,

$$A, B, C, \ldots ::= \tau \mid A \Rightarrow B \mid A \wedge B.$$

The Isomorphisms (1), (2), (3) and (4) are made explicit by a congruent
equivalence relation between types:

$$A \wedge B \equiv B \wedge A, \qquad A \Rightarrow (B \wedge C) \equiv (A \Rightarrow B) \wedge (A \Rightarrow C),$$

$$(A \wedge B) \wedge C \equiv A \wedge (B \wedge C), \qquad (A \wedge B) \Rightarrow C \equiv A \Rightarrow B \Rightarrow C.$$

The set of terms is defined inductively by the grammar

$$r, s, t ::= x^A \mid \lambda x^A.r \mid rs \mid r + s \mid \pi_A(r)$$

The set of contexts is defined inductively by the grammar

$$C[\cdot] ::= [\cdot] \mid \lambda x^A.C[\cdot] \mid C[\cdot]r \mid rC[\cdot] \mid C[\cdot] + r \mid r + C[\cdot] \mid \pi_A(C[\cdot])$$

The type system is given in Table 1. Typing judgements are of the form
$r : A$. A term $r$ is typable if there exists a type $A$ such that $r : A$.
(ax) [A=B] ^4 (=)



x A : A r:B 

l(V(r)U{x A }) f ] - A (=>0 [V(rs)'] — ' — ~^ —r= - - — (=>.) 

Ax .r : A =>■ B rs : B 

^ r + s:iAi] (Ail ^)~4 (AeJ ^(^^ 
Table 1: The type system 



Because of the associativity property of $+$, the term $r + (s + t)$ is the same
as the term $(r + s) + t$, so we can just express it as $r + s + t$, that is, the
parentheses are meaningless, and pairs become lists. In particular, we can
project with respect to the type of $s + t$ in the previous example. Hence, for
completeness, we also allow to project a term with respect to its full type,
that is, if $r : A$, then $\pi_A(r)$ reduces to $r$.

Since our reduction relation is oriented by the types, we follow [21, 25], and
use a presentation of typed lambda-calculus without contexts, which makes the
reduction rules clearer. To this end each variable occurrence is labelled by its
type, such as $\lambda x^A.x^A$ or $\lambda x^A.y^B$. We sometimes omit the labels
and write, for example, $\lambda x^A.x$ for $\lambda x^A.x^A$. As usual, we
consider implicit $\alpha$-equivalence on syntactical terms. The type system
forbids terms such as $\lambda x^A.x^B$ when $A$ and $B$ are different types, by
imposing preconditions to the applicability of the typing rules. Let
$S = \{x_1^{A_1}, \ldots, x_n^{A_n}\}$ be a set of variables, we write $S^f$ to
express that this set is functional, that is when $x_i = x_j$ implies
$A_i = A_j$. For example $\{x^A, y^{A \Rightarrow B}\}^f$ but not
$\{x^A, x^{A \Rightarrow B}\}^f$. We write the preconditions of a typing rule at
its left.

The sets $FV(r)$ of free variables of $r$, $BV(r)$ of bound variables of $r$ and
$V(r) = FV(r) \cup BV(r)$ are defined as usual in the $\lambda$-calculus (cf. [5,
§2.1]). For example
$V(\lambda x^{A \Rightarrow B \Rightarrow C}.xy^Az^B) = \{x^{A \Rightarrow B \Rightarrow C}, y^A, z^B\}$.
We say that a term $r$ is closed whenever $FV(r) = \emptyset$.

Given two terms $r$ and $s$ we denote by $r[s/x]$ the term obtained by
simultaneously substituting the term $s$ for all the free occurrences of $x$ in
$r$, subject to the usual proviso about renaming bound variables in $r$ to avoid
capture of the free variables of $s$.

Lemma 2.1. If $r : A$ and $r : B$, then $A \equiv B$.

Proof. Straightforward structural induction on the typing derivation of $r$. □

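The operational semantics of the calculus is given in Table 2, where there are
two distinct relations between terms: a symmetric relation $\rightleftarrows$ and
a reduction relation $\hookrightarrow$, which includes a labelling. Such a
labelling is omitted when it is not necessary to distinguish the rule. Moreover,
relation $\hookrightarrow$ is the union of its two labelled relations.

Symmetric relation:

$r + s \rightleftarrows s + r$ (comm)
$(r + s) + t \rightleftarrows r + (s + t)$ (asso)
$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$ (dist$_{ii}$)
$(r + s)t \rightleftarrows rt + st$ (dist$_{ie}$)
$\pi_{A \Rightarrow B}(\lambda x^A.r) \rightleftarrows \lambda x^A.\pi_B(r)$ (dist$_{ei}$)
If $r : A \Rightarrow (B \wedge C)$, $\pi_{A \Rightarrow B}(r)s \rightleftarrows \pi_B(rs)$ (dist$_{ee}$)
$rst \rightleftarrows r(s + t)$ (curry)
If $A \equiv B$, $r \rightleftarrows r[A/B]$ (subst)
If $r : A \wedge B$ and $s : C \wedge D$, $\pi_{A \wedge C}(r + s) \rightleftarrows \pi_A(r) + \pi_C(s)$ (split)

Reductions:

If $s : A$, $(\lambda x^A.r)s \hookrightarrow r[s/x]$ ($\beta$)
If $r : A$, $\pi_A(r + s) \hookrightarrow r$
If $r : A$, $\pi_A(r) \hookrightarrow r$
If $r \not\rightleftarrows^* s + t$ and $r : A \wedge B$, $r \hookrightarrow \pi_A(r) + \pi_B(r)$ ($\delta$)

Contextual rules:

If $r \rightleftarrows s$ then $C[r] \rightleftarrows C[s]$.
If $r \hookrightarrow s$ with a given label then $C[r] \hookrightarrow C[s]$ with the same label.

Table 2: Operational semantics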



Type substitution on a term $r$, written $r[A/B]$, is defined by the syntactic
substitution of all occurrences of $B$ in $r$ by $A$. We write $\hookrightarrow^*$
and $\rightleftarrows^*$ for the transitive and reflexive closure of
$\hookrightarrow$ and $\rightleftarrows$ respectively. Note that
$\rightleftarrows^*$ is an equivalence relation. We write $\rightsquigarrow$ for
the relation $\hookrightarrow$ modulo $\rightleftarrows^*$ (i.e.
$r \rightsquigarrow s$ iff
$r \rightleftarrows^* r' \hookrightarrow s' \rightleftarrows^* s$), and
$\rightsquigarrow^*$ for its reflexive and transitive closure.

Each isomorphism taken as equivalence between types induces an equivalence
between terms, given by relation $\rightleftarrows$. Four possible rules exist
however for the isomorphism (3), depending on which distribution is taken into
account: elimination or introduction of conjunction, and elimination or
introduction of implication.

Only two rules in the symmetric relation $\rightleftarrows$ are not a direct
consequence of an isomorphism: rules (subst) and (split). The former allows to
update the type signature of the Church-style terms. The latter is needed in
combination with rule (dist$_{ei}$) when the argument in the projection is not a
$\lambda$-abstraction, but a $\lambda$-abstraction plus something else (cf.
Example 2.10).

Rule ($\delta$) has been added to deal with currification (cf. Example 2.9).
Notice that the condition in this rule not only asks for the term to not be a
sum, but to not be equivalent to a sum. Lemma 2.4 ensures that the equivalence
classes defined by relation $\rightleftarrows^*$,
$\{s \mid s \rightleftarrows^* r\}$, are finite, and since the relation is
computable, the side condition of ($\delta$) is decidable.

In addition, Lemma 2.4 also implies that every reduction tree is finitely
branching.

To prove that for any term $r$, the set $\{s \mid s \rightleftarrows^* r\}$ is
finite, one possible way would be to prove that if $r \rightleftarrows s$ then
$S(r) = S(s)$, where the size $S(r)$ of a term $r$ is defined as the number of
variables and symbols $\lambda$ and $\pi$:

• $S(x^A) = 1$,

• $S(\lambda x^A.r) = 1 + S(r)$,

• $S(rs) = S(r) + S(s)$,

• $S(r + s) = S(r) + S(s)$,

• $S(\pi_A(r)) = 1 + S(r)$.

Indeed, the set $\{s \mid s \rightleftarrows^* r\}$ would then be a subset of the
set $\{s \mid FV(s) \subseteq FV(r) \text{ and } S(s) = S(r)\}$, which is finite.

Unfortunately, it is not the case that the size $S$ is an invariant for the
relation $\rightleftarrows$, as the rule (dist$_{ii}$)

$$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$$

for instance duplicates the symbol $\lambda$, and the term $\lambda x^A.(x + x)$ is
equivalent to $\lambda x^A.x + \lambda x^A.x$, while $S(\lambda x^A.(x + x)) = 3$
and $S(\lambda x^A.x + \lambda x^A.x) = 4$. In the same way, the rule
(dist$_{ie}$)

$$(r + s)t \rightleftarrows rt + st$$

duplicates the term $t$.

However, the number of times the symbol $\lambda$ can be duplicated in the term
$\lambda x^A.t$ is bounded by the number of symbols $+$ that the term $t$ may
generate. A bound $P(t)$ on this number is easy to define:

• $P(x^A) = 0$,

• $P(\lambda x^A.r) = P(r)$,

• $P(rs) = P(r)$,

• $P(r + s) = 1 + P(r) + P(s)$,

• $P(\pi_A(r)) = P(r)$.

and we can define a size-like measure on terms $M$, such that $M(r)$ is a bound
on the size of $s$ for $s \rightleftarrows r$. For instance $M(\lambda x^A.r)$ is
not $1 + M(r)$ but $1 + M(r) + P(r)$, to express that the size of $s$ may be
bigger than that of $r$, because a symbol $\lambda$ may be duplicated in $s$, but
not much bigger, as it can be duplicated at most $P(r)$ times.

• $M(x^A) = 1$,

• $M(\lambda x^A.r) = 1 + M(r) + P(r)$,

• $M(rs) = M(r) + M(s) + P(r)M(s)$,

• $M(r + s) = M(r) + M(s)$,

• $M(\pi_A(r)) = 1 + M(r) + P(r)$.

Before stating and proving Lemma 2.4, we need the following two auxiliary
lemmas, showing that $P(t)$ and $M(t)$ are invariant with respect to
$\rightleftarrows$ (Lemmas 2.2 and 2.3 respectively).

Lemma 2.2. If $r \rightleftarrows s$ then $P(r) = P(s)$.

Proof.

$r + s \rightleftarrows s + r$: $P(r + s) = 1 + P(r) + P(s) = P(s + r)$.

$(r + s) + t \rightleftarrows r + (s + t)$:
$P((r + s) + t) = 1 + P(r + s) + P(t) = 2 + P(r) + P(s) + P(t) = 1 + P(r) + P(s + t) = P(r + (s + t))$.

$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$:
$P(\lambda x^A.(r + s)) = P(r + s) = 1 + P(r) + P(s) = 1 + P(\lambda x^A.r) + P(\lambda x^A.s) = P(\lambda x^A.r + \lambda x^A.s)$.

$(r + s)t \rightleftarrows rt + st$:
$P((r + s)t) = P(r + s) = 1 + P(r) + P(s) = 1 + P(rt) + P(st) = P(rt + st)$.

$\pi_{A \Rightarrow B}(\lambda x^A.r) \rightleftarrows \lambda x^A.\pi_B(r)$:
$P(\pi_{A \Rightarrow B}(\lambda x^A.r)) = P(\lambda x^A.r) = P(r) = P(\pi_B(r)) = P(\lambda x^A.\pi_B(r))$.

$\pi_{A \Rightarrow B}(r)s \rightleftarrows \pi_B(rs)$:
$P(\pi_{A \Rightarrow B}(r)s) = P(\pi_{A \Rightarrow B}(r)) = P(r) = P(rs) = P(\pi_B(rs))$.

$(rs)t \rightleftarrows r(s + t)$: $P((rs)t) = P(rs) = P(r) = P(r(s + t))$.

$r \rightleftarrows r[A/B]$: $P(r) = P(r[A/B])$.

$\pi_{A \wedge C}(r + s) \rightleftarrows \pi_A(r) + \pi_C(s)$:
$P(\pi_{A \wedge C}(r + s)) = P(r + s) = 1 + P(r) + P(s) = 1 + P(\pi_A(r)) + P(\pi_C(s)) = P(\pi_A(r) + \pi_C(s))$.

$C[r] \rightleftarrows C[s]$ with $r \rightleftarrows s$: Straightforward case by
case on the structure of $C[\cdot]$. For example, let $C[\cdot] = C'[\cdot] + t$,
then $P(C[r]) = 1 + P(C'[r]) + P(t)$, which, by the induction hypothesis, is
equal to $1 + P(C'[s]) + P(t) = P(C[s])$. □



Lemma 2.3. If $r \rightleftarrows s$ then $M(r) = M(s)$.

Proof. We proceed by structural induction on relation $\rightleftarrows$.

$r + s \rightleftarrows s + r$: $M(r + s) = M(r) + M(s) = M(s + r)$.

$(r + s) + t \rightleftarrows r + (s + t)$:
$M((r + s) + t) = M(r) + M(s) + M(t) = M(r + (s + t))$.

$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$:
$M(\lambda x^A.(r + s)) = 2 + M(r) + M(s) + P(r) + P(s) = M(\lambda x^A.r + \lambda x^A.s)$.

$(r + s)t \rightleftarrows rt + st$:
$M((r + s)t) = M(r + s) + M(t) + P(r + s)M(t)$
$= M(r) + M(s) + 2M(t) + P(r)M(t) + P(s)M(t)$
$= M(rt) + M(st)$
$= M(rt + st)$.

$\pi_{A \Rightarrow B}(\lambda x^A.r) \rightleftarrows \lambda x^A.\pi_B(r)$:
$M(\pi_{A \Rightarrow B}(\lambda x^A.r)) = 1 + M(\lambda x^A.r) + P(\lambda x^A.r)$
$= 2 + M(r) + 2P(r)$
$= M(\lambda x^A.\pi_B(r))$.

$\pi_{A \Rightarrow B}(r)s \rightleftarrows \pi_B(rs)$:
$M(\pi_{A \Rightarrow B}(r)s) = M(\pi_{A \Rightarrow B}(r)) + M(s) + P(\pi_{A \Rightarrow B}(r))M(s)$
$= 1 + M(r) + P(r) + M(s) + P(r)M(s)$
$= 1 + M(rs) + P(rs)$
$= M(\pi_B(rs))$.

$(rs)t \rightleftarrows r(s + t)$:
$M((rs)t) = M(rs) + M(t) + P(rs)M(t)$
$= M(r) + M(s) + P(r)M(s) + M(t) + P(r)M(t)$
$= M(r) + M(s + t) + P(r)M(s + t)$
$= M(r(s + t))$.

$r \rightleftarrows r[A/B]$: $M(r) = M(r[A/B])$.

$\pi_{A \wedge C}(r + s) \rightleftarrows \pi_A(r) + \pi_C(s)$:
$M(\pi_{A \wedge C}(r + s)) = 1 + M(r + s) + P(r + s)$
$= 1 + M(r) + M(s) + 1 + P(r) + P(s)$
$= M(\pi_A(r)) + M(\pi_C(s))$
$= M(\pi_A(r) + \pi_C(s))$.

$C[r] \rightleftarrows C[s]$ with $r \rightleftarrows s$: Straightforward case by
case on the structure of $C[\cdot]$. For example, let
$C[\cdot] = \lambda x^A.C'[\cdot]$, then $M(C[r]) = 1 + M(C'[r]) + P(C'[r])$,
which, by the induction hypothesis, is equal to $1 + M(C'[s]) + P(C'[r])$, and
this, by Lemma 2.2, is equal to $1 + M(C'[s]) + P(C'[s]) = M(C[s])$. □

Lemma 2.4. For any term $r$, the set $\{s \mid s \rightleftarrows^* r\}$ is finite
(modulo $\alpha$-equivalence).

Proof. As
$\{s \mid s \rightleftarrows^* r\} \subseteq \{s \mid FV(s) = FV(r) \text{ and } M(s) = M(r)\} \subseteq \{s \mid FV(s) \subseteq FV(r) \text{ and } M(s) \leq M(r)\}$,
all we need to prove is that for all natural numbers $n$, for all finite sets of
variables $F$, the set
$H(n, F) = \{s \mid FV(s) \subseteq F \text{ and } M(s) \leq n\}$ is finite.

We first prove by induction on $s$ that $M(s) \geq 1$ and then the property by
induction on $n$. For $n = 1$ the set
$\{s \mid FV(s) \subseteq F \text{ and } M(s) \leq 1\}$ contains only the
variables of $F$. Assume the property is proved for $n$; then $H(n + 1, F)$ is a
subset of the finite set containing the variables of $F$, the abstractions
$(\lambda x^A.r)$ for $r$ in $H(n, F \cup \{x^A\})$, the applications $(rs)$ for
$r$ and $s$ in $H(n, F)$, the sums $r + s$ for $r$ and $s$ in $H(n, F)$, and the
projections $\pi_A(r)$ for $r$ in $H(n, F)$. □

2.2. Examples 

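Example 2.5. Let $s : A$ and $t : B$. Then
$\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t : A$, with the following
derivation, read from top to bottom:

$\lambda x^{A \wedge B}.x : (A \wedge B) \Rightarrow (A \wedge B)$
$\lambda x^{A \wedge B}.x : A \Rightarrow B \Rightarrow (A \wedge B)$ by ($\equiv$), and $s : A$
$(\lambda x^{A \wedge B}.x)s : B \Rightarrow (A \wedge B)$
$(\lambda x^{A \wedge B}.x)s : (B \Rightarrow A) \wedge (B \Rightarrow B)$ by ($\equiv$)
$\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s) : B \Rightarrow A$ by ($\wedge_{e_n}$), and $t : B$
$\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t : A$

The reduction is as follows:

$\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t \rightleftarrows \pi_A((\lambda x^{A \wedge B}.x)st) \rightleftarrows \pi_A((\lambda x^{A \wedge B}.x)(s + t))$
$\hookrightarrow \pi_A(s + t) \hookrightarrow s$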

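Example 2.6. Let $r : A$, $s : B$. Then
$(\lambda x^A.\lambda y^B.x)(r + s) \rightleftarrows (\lambda x^A.\lambda y^B.x)rs \hookrightarrow^* r$.
However, if $A \equiv B$, it is also possible to reduce in the following way:

$(\lambda x^A.\lambda y^B.x)(r + s) \rightleftarrows (\lambda x^A.\lambda y^A.x)(r + s)$
$\rightleftarrows (\lambda x^A.\lambda y^A.x)(s + r)$
$\rightleftarrows (\lambda x^A.\lambda y^A.x)sr$
$\hookrightarrow^* s$

Hence, the encoding of the projector also behaves non-deterministically.

Example 2.7. Let $TF = \lambda x^A.\lambda y^B.(x + y)$. Then, reading the
derivation from top to bottom:

$x^A : A$ by (ax), and $y^B : B$ by (ax)
$x^A + y^B : A \wedge B$
$\lambda y^B.(x + y) : B \Rightarrow (A \wedge B)$
$TF : A \Rightarrow B \Rightarrow (A \wedge B)$
$TF : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)$
$\pi_{A \Rightarrow B \Rightarrow A}(TF) : A \Rightarrow B \Rightarrow A$

Then, if $r : A$ and $s : B$, we have
$\pi_{A \Rightarrow B \Rightarrow A}(TF)rs : A$. Notice that

$\pi_{A \Rightarrow B \Rightarrow A}(TF)rs \rightleftarrows \pi_{B \Rightarrow A}(TFr)s \rightleftarrows \pi_A(TFrs) \hookrightarrow^* \pi_A(r + s) \hookrightarrow r$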

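Example 2.8. Let $T = \lambda x^A.\lambda y^B.x$ and $F = \lambda x^A.\lambda y^B.y$.
Then, reading the derivation from top to bottom:

$T : A \Rightarrow B \Rightarrow A$ and $F : A \Rightarrow B \Rightarrow B$
$T + F : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)$, and $TF : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)$
$T + F + TF : ((A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)) \wedge ((A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B))$

Hence $\pi_{(A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)}(T + F + TF)$
is well typed and reduces non-deterministically either to $T + F$ or to $TF$.
Moreover, notice that $T + F$ and $TF$ are observationally equivalent, that is,
$(T + F)rs$ and $TFrs$ both reduce to the same term $(r + s)$. Hence in this very
particular case, the non-deterministic choice does not play any role. We will
come back to the encoding of booleans in this calculus in Section 4.3.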

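Example 2.9. Let $r : C$. Then

$\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r : ((A \wedge B) \Rightarrow A) \Rightarrow ((A \wedge B) \Rightarrow B) \Rightarrow C$

and since
$((A \wedge B) \Rightarrow A) \Rightarrow ((A \wedge B) \Rightarrow B) \Rightarrow C \equiv ((A \wedge B) \Rightarrow (A \wedge B)) \Rightarrow C$,
we also can derive

$\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r : ((A \wedge B) \Rightarrow (A \wedge B)) \Rightarrow C$

Hence

$(\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r)(\lambda z^{A \wedge B}.z) : C$

The reduction is as follows:

$(\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r)(\lambda z^{A \wedge B}.z)$
$\hookrightarrow (\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r)(\pi_{(A \wedge B) \Rightarrow A}(\lambda z^{A \wedge B}.z) + \pi_{(A \wedge B) \Rightarrow B}(\lambda z^{A \wedge B}.z))$
$\rightleftarrows ((\lambda x^{(A \wedge B) \Rightarrow A}.\lambda y^{(A \wedge B) \Rightarrow B}.r)\,\pi_{(A \wedge B) \Rightarrow A}(\lambda z^{A \wedge B}.z))\,\pi_{(A \wedge B) \Rightarrow B}(\lambda z^{A \wedge B}.z)$
$\hookrightarrow^* r[\pi_{(A \wedge B) \Rightarrow A}(\lambda z^{A \wedge B}.z)/x][\pi_{(A \wedge B) \Rightarrow B}(\lambda z^{A \wedge B}.z)/y]$

Example 2.10. Let $r : C$. Then, reading the derivation from top to bottom:

$x^{A \wedge B} : A \wedge B$ by (ax)
$\lambda x^{A \wedge B}.x : (A \wedge B) \Rightarrow (A \wedge B)$ by ($\Rightarrow_i$), and $r : C$
$(\lambda x^{A \wedge B}.x) + r : ((A \wedge B) \Rightarrow (A \wedge B)) \wedge C$
$(\lambda x^{A \wedge B}.x) + r : (((A \wedge B) \Rightarrow A) \wedge C) \wedge ((A \wedge B) \Rightarrow B)$ by ($\equiv$)
$\pi_{((A \wedge B) \Rightarrow A) \wedge C}((\lambda x^{A \wedge B}.x) + r) : ((A \wedge B) \Rightarrow A) \wedge C$

The reduction is as follows:

$\pi_{((A \wedge B) \Rightarrow A) \wedge C}((\lambda x^{A \wedge B}.x) + r) \rightleftarrows \pi_{(A \wedge B) \Rightarrow A}(\lambda x^{A \wedge B}.x) + \pi_C(r)$
$\hookrightarrow \pi_{(A \wedge B) \Rightarrow A}(\lambda x^{A \wedge B}.x) + r$
$\rightleftarrows (\lambda x^{A \wedge B}.\pi_A(x)) + r$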

2.3. Subject Reduction 

Our system has the subject reduction property, that is, the set of types
assigned to a term is invariant under $\rightleftarrows$ and $\hookrightarrow$.
Before proving subject reduction, we need the following results.

Lemma 2.11 (Generation Lemmas).

1. If $x^A : B$, then $A \equiv B$.

2. If $\lambda x^A.r : B$, then $B \equiv A \Rightarrow C$, $r : C$ and $(V(r) \cup \{x^A\})^f$.

3. If $rs : B$, then $r : A \Rightarrow B$ and $s : A$.

4. If $r + s : A$, then $A \equiv B \wedge C$ with $r : B$ and $s : C$.

5. If $\pi_A(r) : B$, then $A \equiv B$ and ($r : B$ or $r : B \wedge C$).

Proof. The proof follows by a straightforward induction on the typing
derivation. To notice that such an induction is straightforward, it suffices to
realize that the only typing rule not changing the term is ($\equiv$). For
example, if $\lambda x^A.r : B$, then the only way to type this term is either by
rule ($\Rightarrow_i$), and so $B = A \Rightarrow C$ for some $C$, $r : C$ and
$(V(r) \cup \{x^A\})^f$, or by rule ($\equiv$), and so the induction hypothesis
applies and $B \equiv A \Rightarrow C$. □

In the remainder of this paper, we may use Lemma 2.11 implicitly.

Lemma 2.12 (Substitution Lemma). If $r : A$, $s : B$ and
$(V(r) \cup \{x^B\})^f$, then $r[s/x^B] : A$.

Proof. We proceed by structural induction on $r$.

• Let $r = x^A$. Since $(V(x^A) \cup \{x^B\})^f$ implies $A = B$, we have
$s : A$. Notice that $x^A[s/x^A] = s$, so $x^A[s/x^B] : A$.

• Let $r = y^A$, with $y \neq x$. Notice that $y^A[s/x^B] = y^A$, so
$y^A[s/x^B] : A$.

• Let $r = \lambda y^C.r'$. Then $A \equiv C \Rightarrow D$, with $r' : D$. By the
induction hypothesis $r'[s/x^B] : D$, and so, by rule ($\Rightarrow_i$),
$\lambda y^C.r'[s/x^B] : C \Rightarrow D$. Since
$\lambda y^C.r'[s/x^B] = (\lambda y^C.r')[s/x^B]$, using rule ($\equiv$),
$(\lambda y^C.r')[s/x^B] : A$.

• Let $r = r_1r_2$. Then $r_1 : C \Rightarrow A$ and $r_2 : C$. By the induction
hypothesis $r_1[s/x^B] : C \Rightarrow A$ and $r_2[s/x^B] : C$, and so, by rule
($\Rightarrow_e$), $(r_1[s/x^B])(r_2[s/x^B]) : A$. Since
$(r_1[s/x^B])(r_2[s/x^B]) = (r_1r_2)[s/x^B]$, we have $(r_1r_2)[s/x^B] : A$.

• Let $r = r_1 + r_2$. Then $r_1 : A_1$ and $r_2 : A_2$, with
$A \equiv A_1 \wedge A_2$. By the induction hypothesis $r_1[s/x^B] : A_1$ and
$r_2[s/x^B] : A_2$, and so, by rule ($\wedge_i$),
$(r_1[s/x^B]) + (r_2[s/x^B]) : A_1 \wedge A_2$. Since
$(r_1[s/x^B]) + (r_2[s/x^B]) = (r_1 + r_2)[s/x^B]$, using rule ($\equiv$), we
have $(r_1 + r_2)[s/x^B] : A$.

• Let $r = \pi_A(r')$. Then either $r' : A$, or $r' : A \wedge C$. By the
induction hypothesis, either $r'[s/x^B] : A$ or $r'[s/x^B] : A \wedge C$. In any
case, either by rule ($\wedge_{e_1}$) or ($\wedge_{e_n}$),
$\pi_A(r'[s/x^B]) : A$. Since $\pi_A(r'[s/x^B]) = \pi_A(r')[s/x^B]$, we have
$\pi_A(r')[s/x^B] : A$. □

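Theorem 2.13 (Subject reduction). If $r : A$ and $r \hookrightarrow s$ or
$r \rightleftarrows s$ then $s : A$.

Proof. We proceed by induction on the rewrite relation.

$r + s \rightleftarrows s + r$: If $r + s : A$, then
$A \equiv A_1 \wedge A_2 \equiv A_2 \wedge A_1$, with $r : A_1$ and $s : A_2$.
Then, from $s : A_2$ and $r : A_1$, rule ($\wedge_i$) gives
$s + r : A_2 \wedge A_1$, and so $s + r : A$.

$(r + s) + t \rightleftarrows r + (s + t)$:

($\rightarrow$) If $(r + s) + t : A$, then
$A \equiv (A_1 \wedge A_2) \wedge A_3 \equiv A_1 \wedge (A_2 \wedge A_3)$, with
$r : A_1$, $s : A_2$ and $t : A_3$. Then, from $s : A_2$ and $t : A_3$ we get
$s + t : A_2 \wedge A_3$; with $r : A_1$ we get
$r + (s + t) : A_1 \wedge (A_2 \wedge A_3)$, and so $r + (s + t) : A$.

($\leftarrow$) Analogous to ($\rightarrow$).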

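$\lambda x^B.(r + s) \rightleftarrows \lambda x^B.r + \lambda x^B.s$:

($\rightarrow$) If $\lambda x^B.(r + s) : A$, then
$A \equiv B \Rightarrow (C_1 \wedge C_2) \equiv (B \Rightarrow C_1) \wedge (B \Rightarrow C_2)$,
with $r : C_1$ and $s : C_2$. Then $\lambda x^B.r : B \Rightarrow C_1$ and
$\lambda x^B.s : B \Rightarrow C_2$, so
$\lambda x^B.r + \lambda x^B.s : (B \Rightarrow C_1) \wedge (B \Rightarrow C_2)$,
and so $\lambda x^B.r + \lambda x^B.s : A$.

($\leftarrow$) If $\lambda x^B.r + \lambda x^B.s : A$, then
$A \equiv (B \Rightarrow C_1) \wedge (B \Rightarrow C_2) \equiv B \Rightarrow (C_1 \wedge C_2)$,
with $r : C_1$ and $s : C_2$. Then, by rule ($\wedge_i$),
$r + s : C_1 \wedge C_2$, so
$\lambda x^B.(r + s) : B \Rightarrow (C_1 \wedge C_2)$, and so
$\lambda x^B.(r + s) : A$.

$(r + s)t \rightleftarrows rt + st$:

($\rightarrow$) If $(r + s)t : A$, then $r + s : B \Rightarrow A$, and $t : B$.
Hence $A \equiv A_1 \wedge A_2$, with $r : B \Rightarrow A_1$ and
$s : B \Rightarrow A_2$. Then $rt : A_1$ and $st : A_2$, so
$rt + st : A_1 \wedge A_2$, and so $rt + st : A$.

($\leftarrow$) If $rt + st : A$, then $A \equiv A_1 \wedge A_2$ with
$r : B \Rightarrow A_1$, $s : B' \Rightarrow A_2$, $t : B$ and $t : B'$. By Lemma
2.1, $B \equiv B'$. Then from $s : B' \Rightarrow A_2$ we get
$s : B \Rightarrow A_2$; with $r : B \Rightarrow A_1$ we get
$r + s : (B \Rightarrow A_1) \wedge (B \Rightarrow A_2)$, hence
$r + s : B \Rightarrow (A_1 \wedge A_2)$; with $t : B$ we get
$(r + s)t : A_1 \wedge A_2$, and so $(r + s)t : A$.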

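$\pi_{B \Rightarrow C}(\lambda x^B.r) \rightleftarrows \lambda x^B.\pi_C(r)$:

($\rightarrow$) If $\pi_{B \Rightarrow C}(\lambda x^B.r) : A$, then
$A \equiv B \Rightarrow C$ and either $\lambda x^B.r : B \Rightarrow (C \wedge D)$
or $\lambda x^B.r : B \Rightarrow C$. Hence either $r : C \wedge D$, or $r : C$.
In any case, either by rule ($\wedge_{e_1}$) or ($\wedge_{e_n}$),
$\pi_C(r) : C$, so $\lambda x^B.\pi_C(r) : B \Rightarrow C$, and so
$\lambda x^B.\pi_C(r) : A$.

($\leftarrow$) If $\lambda x^B.\pi_C(r) : A$, then $A \equiv B \Rightarrow C$ and
$\pi_C(r) : C$, so either $r : C \wedge D$ or $r : C$. Hence, either from
$r : C \wedge D$ we get $\lambda x^B.r : B \Rightarrow (C \wedge D)$, then
$\lambda x^B.r : (B \Rightarrow C) \wedge (B \Rightarrow D)$, then
$\pi_{B \Rightarrow C}(\lambda x^B.r) : B \Rightarrow C$, and so
$\pi_{B \Rightarrow C}(\lambda x^B.r) : A$; or from $r : C$ we get, by rule
($\Rightarrow_i$), $\lambda x^B.r : B \Rightarrow C$, then
$\pi_{B \Rightarrow C}(\lambda x^B.r) : B \Rightarrow C$, and so, by rule
($\equiv$), $\pi_{B \Rightarrow C}(\lambda x^B.r) : A$.

$\pi_{B \Rightarrow C}(r)s \rightleftarrows \pi_C(rs)$ with
$r : B \Rightarrow (C \wedge D)$: Then $s : B$.

($\rightarrow$) If $\pi_{B \Rightarrow C}(r)s : A$, then $A \equiv C$. From
$r : B \Rightarrow (C \wedge D)$ and $s : B$, rule ($\Rightarrow_e$) gives
$rs : C \wedge D$, hence $\pi_C(rs) : C$, and so $\pi_C(rs) : A$.

($\leftarrow$) If $\pi_C(rs) : A$, then $A \equiv C$. From
$r : B \Rightarrow (C \wedge D)$ we get
$r : (B \Rightarrow C) \wedge (B \Rightarrow D)$, hence
$\pi_{B \Rightarrow C}(r) : B \Rightarrow C$; with $s : B$, rule
($\Rightarrow_e$) gives $\pi_{B \Rightarrow C}(r)s : C$, and so
$\pi_{B \Rightarrow C}(r)s : A$.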

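$rst \rightleftarrows r(s + t)$:

($\rightarrow$) If $rst : A$, then
$r : B \Rightarrow C \Rightarrow A \equiv (B \wedge C) \Rightarrow A$, $s : B$ and
$t : C$. Then, by rule ($\equiv$), $r : (B \wedge C) \Rightarrow A$, and by rule
($\wedge_i$), $s + t : B \wedge C$, so $r(s + t) : A$.

($\leftarrow$) If $r(s + t) : A$, then
$r : (B \wedge C) \Rightarrow A \equiv B \Rightarrow C \Rightarrow A$, $s : B$ and
$t : C$. Then, by rule ($\equiv$), $r : B \Rightarrow C \Rightarrow A$; with
$s : B$ we get $rs : C \Rightarrow A$; with $t : C$ we get $rst : A$.

$r \rightleftarrows r[B/C]$ with $B \equiv C$: If $r : A$, since
$A \equiv A[B/C]$, a straightforward induction on $r$ allows to prove
$r[B/C] : A$.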

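$\pi_{B \wedge D}(r + s) \rightleftarrows \pi_B(r) + \pi_D(s)$ with
$r : B \wedge C$ and $s : D \wedge E$:

($\rightarrow$) If $\pi_{B \wedge D}(r + s) : A$ then $A \equiv B \wedge D$. Then
from $r : B \wedge C$ we get $\pi_B(r) : B$ and from $s : D \wedge E$ we get
$\pi_D(s) : D$, so $\pi_B(r) + \pi_D(s) : B \wedge D$, and so
$\pi_B(r) + \pi_D(s) : A$.

($\leftarrow$) If $\pi_B(r) + \pi_D(s) : A$, then $A \equiv B \wedge D$. Then from
$r : B \wedge C$ and $s : D \wedge E$, rule ($\wedge_i$) gives
$r + s : (B \wedge C) \wedge (D \wedge E)$, hence
$r + s : (B \wedge D) \wedge (C \wedge E)$, so
$\pi_{B \wedge D}(r + s) : B \wedge D$, and so $\pi_{B \wedge D}(r + s) : A$.

$(\lambda x^B.r)s \hookrightarrow r[s/x^B]$ with $s : B$: If
$(\lambda x^B.r)s : A$, then $\lambda x^B.r : B \Rightarrow A$ and $s : B$, and so
$r : A$ and $(V(r) \cup \{x^B\})^f$. Then by Lemma 2.12, $r[s/x^B] : A$.

$\pi_B(r + s) \hookrightarrow r$ with $r : B$: If $\pi_B(r + s) : A$, then
$A \equiv B$, and so, by rule ($\equiv$), $r : A$.

$\pi_B(r) \hookrightarrow r$ with $r : B$: If $\pi_B(r) : A$, then $A \equiv B$,
and so, by rule ($\equiv$), $r : A$.

$r \hookrightarrow \pi_B(r) + \pi_C(r)$ with $r \not\rightleftarrows^* r_1 + r_2$
and $r : B \wedge C$: If $r : A$ then $A \equiv B \wedge C$. Then
$\pi_B(r) : B$ and $\pi_C(r) : C$, so $\pi_B(r) + \pi_C(r) : B \wedge C$, and so
$\pi_B(r) + \pi_C(r) : A$.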

Contextual cases. Let $t \to r$, where $\to$ is either $\rightleftarrows$ or
$\hookrightarrow$.

$\lambda x^B.t \to \lambda x^B.r$: If $\lambda x^B.t : A$, then
$A \equiv B \Rightarrow C$ and $t : C$, hence by the induction hypothesis,
$r : C$ and so $\lambda x^B.r : B \Rightarrow C \equiv A$.

$ts \to rs$: If $ts : A$ then $t : B \Rightarrow A$ and $s : B$, hence by the
induction hypothesis, $r : B \Rightarrow A$ and so $rs : A$.

$st \to sr$: If $st : A$ then $s : B \Rightarrow A$ and $t : B$, hence by the
induction hypothesis $r : B$ and so $sr : A$.

$t + s \to r + s$: If $t + s : A$ then $A \equiv A_1 \wedge A_2$ where $t : A_1$
and $s : A_2$, hence by the induction hypothesis, $r : A_1$ and so
$r + s : A_1 \wedge A_2 \equiv A$.

$s + t \to s + r$: Analogous to previous case.

$\pi_B(t) \to \pi_B(r)$: If $\pi_B(t) : A$ then $A \equiv B$ and
$t : B \wedge C$ or $t : B$, hence by the induction hypothesis $r : B \wedge C$
or $r : B$; in any case, $\pi_B(r) : B \equiv A$. □



3. Strong Normalisation and Normal Forms 

3.1. Strong Normalisation 

Now we prove the strong normalisation property. In our setting, strong
normalisation means that every reduction sequence fired from a typed term
eventually terminates in a term in normal form modulo $\rightleftarrows^*$. In
other words, no $\hookrightarrow$ reduction can be fired from it, even after
$\rightleftarrows$ steps. Formally, we define
$Red(r) = \{s \mid r \rightsquigarrow s\}$. Hence, a term $r$ is in normal form
if $Red(r) = \emptyset$. When $r$ is strongly normalising, we write $|r|$ for the
maximum number of $\rightsquigarrow$ steps needed to get a normal form of $r$. We
denote by $SN$ the set of strongly normalising terms.

We use the notation $(A_i)_{i=1}^n \Rightarrow B$ for
$A_1 \Rightarrow \cdots \Rightarrow A_n \Rightarrow B$, with the convention that
$(A_i)_{i=1}^0 \Rightarrow B = B$. In addition, we write $\vec{s}$ for
$s_1 \ldots s_n$.

The normalisation proof is based on the representation lemma for types
(Lemma 3.4), for which we define conjunction-free types as follows.

Definition 3.1. A conjunction-free type is a type without conjunctions, which
can be produced by the following grammar:

$$S, R, T ::= \tau \mid S \Rightarrow R$$

The canonical form of a type, written $\mathrm{can}(A)$, is a conjunction of
conjunction-free types, and it is defined inductively by

$$\mathrm{can}(\tau) = \tau$$
$$\mathrm{can}(A \wedge B) = \mathrm{can}(A) \wedge \mathrm{can}(B)$$
$$\mathrm{can}(A \Rightarrow B) = \text{let } \bigwedge_{i=1}^n S_i = \mathrm{can}(A) \text{ in let } \bigwedge_{j=1}^m R_j = \mathrm{can}(B) \text{ in } \bigwedge_{j=1}^m \left((S_i)_{i=1}^n \Rightarrow R_j\right)$$

Example 3.2.
$\mathrm{can}((S_1 \wedge S_2) \Rightarrow (R_1 \wedge R_2)) = (S_1 \Rightarrow S_2 \Rightarrow R_1) \wedge (S_1 \Rightarrow S_2 \Rightarrow R_2)$
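As an added illustration (not code from the paper), the following Python example computes the canonical form of Definition 3.1 as the list of its conjunction-free conjuncts and reproduces Example 3.2. It assumes named atoms such as `S1` or `R1` stand in for the conjunction-free metavariables of the example, whereas the calculus itself has the single atom $\tau$; the class names and the helpers `can`, `spine` and `show` are introduced here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Atom:
    name: str = "tau"   # the calculus has one atomic type; other names are stand-ins

@dataclass(frozen=True)
class Arrow:
    dom: object
    cod: object

@dataclass(frozen=True)
class And:
    left: object
    right: object

def can(t):
    """Canonical form of t, returned as the list of its conjunction-free conjuncts."""
    if isinstance(t, Atom):
        return [t]
    if isinstance(t, And):                      # can(A /\ B) = can(A) /\ can(B)
        return can(t.left) + can(t.right)
    premises = can(t.dom)                       # S_1 ... S_n = can(A)
    conjuncts = []
    for r in can(t.cod):                        # R_1 ... R_m = can(B)
        for s in reversed(premises):            # build S_1 => ... => S_n => R_j
            r = Arrow(s, r)
        conjuncts.append(r)
    return conjuncts

def spine(t):
    """Split a conjunction-free type S_1 => ... => S_m => tau into ([S_1..S_m], tau)."""
    args = []
    while isinstance(t, Arrow):
        args.append(t.dom)
        t = t.cod
    return args, t

def show(t):
    """Print a type with => associating to the right."""
    if isinstance(t, Atom):
        return t.name
    if isinstance(t, And):
        return f"({show(t.left)} /\\ {show(t.right)})"
    dom = show(t.dom)
    return (f"({dom})" if isinstance(t.dom, Arrow) else dom) + " => " + show(t.cod)

if __name__ == "__main__":
    S1, S2, R1, R2 = (Atom(n) for n in ("S1", "S2", "R1", "R2"))
    for c in can(Arrow(And(S1, S2), And(R1, R2))):   # Example 3.2
        print(show(c))
```

Both sides of isomorphisms (3) and (4) yield the same list, while the two sides of (1) yield the same conjuncts in a different order.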

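Lemma 3.3. For any $A$, $A = \mathrm{can}(A)$.

Proof. We proceed by structural induction on $A$.

• Let $A = \tau$. Then $A = \mathrm{can}(A)$.

• Let $A = B \wedge C$. By the induction hypothesis $B = \mathrm{can}(B)$ and $C = \mathrm{can}(C)$, hence $A = \mathrm{can}(B) \wedge \mathrm{can}(C) = \mathrm{can}(B \wedge C) = \mathrm{can}(A)$.

• Let $A = B \Rightarrow C$. By the induction hypothesis $B = \bigwedge_{i=1}^{n} S_i$ and $C = \bigwedge_{j=1}^{m} R_j$, so $A = (\bigwedge_{i=1}^{n} S_i) \Rightarrow (\bigwedge_{j=1}^{m} R_j) = \bigwedge_{j=1}^{m} (\bigwedge_{i=1}^{n} S_i \Rightarrow R_j)$, which is finally equivalent to $\bigwedge_{j=1}^{m} (S_i)_{i=1}^{n} \Rightarrow R_j$. □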



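Lemma 3.4. For any $A$, $\mathrm{can}(A) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$ with $n \geq 1$ and $\forall i$, $m_i \geq 0$.

Proof. We proceed by structural induction on $A$.

• $A = \tau$. Then take $n = 1$ and $m_1 = 0$.

• $A = B \wedge C$. By the induction hypothesis $\mathrm{can}(B) = \bigwedge_{i=1}^{k} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$ and $\mathrm{can}(C) = \bigwedge_{i=k+1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$, so $\mathrm{can}(B \wedge C) = \mathrm{can}(B) \wedge \mathrm{can}(C) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$.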



A = B => C. By the induction hypothesis can(_B) = A™=i (S*fe)fe=i 



and can(C) = Aj=i [RjiflLi ^ T - Then we have that can(£> => C) 



a;=i (w^i =* ^) i=1 =► (^-d =* r = a;=i c^ir =* ^th 

Tji = (Sik) k=1 r if i < n, and = Rj(i- n ) ft i > n. □ 
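Definition 3.5. The interpretation of canonical types is given by

$$\left\llbracket \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau \right\rrbracket = \left\{ r \;\middle|\; \forall i,\ s_{ij} \in \llbracket S_{ij} \rrbracket \text{ for } j = 1, \dots, m_i \text{ implies } \pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\,\vec{s_i} \in \mathrm{SN} \right\}$$

where $n \geq 1$ and $m_i \geq 0$.

The interpretation of a general type $A$ is defined by $\llbracket \mathrm{can}(A) \rrbracket$.

In order to prove that equivalent types have the same interpretation (Corollary 3.10), we first need the following intermediate results.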

Definition 3.6. Let $\mathrm{can}^{lo}(A)$ be defined in a similar way to $\mathrm{can}(A)$, but where each time there is a conjunction, it is taken in quasi-lexicographic order (that is, strings are ordered firstly by length, and then lexicographically), and with the parentheses associated to the right.

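Example 3.7. Let $S_1 < S_2 < S_3$ and $R_1 < R_2$.

• $\mathrm{can}^{lo}((\tau \Rightarrow \tau) \wedge \tau) = \tau \wedge (\tau \Rightarrow \tau)$.

• $\mathrm{can}^{lo}(\bigwedge_{i=1}^{3} S_i) = S_1 \wedge (S_2 \wedge S_3)$.

• $\mathrm{can}^{lo}((S_2 \wedge S_3) \wedge S_1) = S_1 \wedge (S_2 \wedge S_3)$.

• $\mathrm{can}^{lo}((S_2 \wedge S_1) \Rightarrow R) = S_1 \Rightarrow S_2 \Rightarrow R$.

• $\mathrm{can}^{lo}((S_2 \wedge S_1) \Rightarrow (R_1 \wedge R_2)) = (S_1 \Rightarrow S_2 \Rightarrow R_1) \wedge (S_1 \Rightarrow S_2 \Rightarrow R_2)$.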
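
Lemma 3.8. If $A = B$, then $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$.

Proof. By induction on the equivalence relation.

• $A \wedge B = B \wedge A$. Let $\mathrm{can}^{lo}(A)$ be equal to $\mathrm{can}^{lo}(\bigwedge_{i=1}^{n} S_i)$ and $\mathrm{can}^{lo}(B)$ equal to $\mathrm{can}^{lo}(\bigwedge_{j=1}^{m} R_j)$. Then $\mathrm{can}^{lo}(A \wedge B) = \mathrm{can}^{lo}((\bigwedge_{i=1}^{n} S_i) \wedge (\bigwedge_{j=1}^{m} R_j)) = \mathrm{can}^{lo}(B \wedge A)$.

• $(A \wedge B) \wedge C = A \wedge (B \wedge C)$. Analogous to the previous case.

• $A \Rightarrow (B \wedge C) = (A \Rightarrow B) \wedge (A \Rightarrow C)$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^{n} S_i)$, $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{k} R_j)$ and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=k+1}^{m} R_j)$, so $\mathrm{can}^{lo}(B \wedge C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} R_j)$. Hence, $\mathrm{can}^{lo}(A \Rightarrow (B \wedge C)) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=1}^{n} \Rightarrow R_j) = \mathrm{can}^{lo}(\mathrm{can}^{lo}(A \Rightarrow B) \wedge \mathrm{can}^{lo}(A \Rightarrow C)) = \mathrm{can}^{lo}((A \Rightarrow B) \wedge (A \Rightarrow C))$.

• $(A \wedge B) \Rightarrow C = A \Rightarrow B \Rightarrow C$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^{k} S_i)$, $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{i=k+1}^{n} S_i)$ and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} R_j)$. Hence, $\mathrm{can}^{lo}((A \wedge B) \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=1}^{n} \Rightarrow R_j)$.

  On the other hand, $\mathrm{can}^{lo}(B \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=k+1}^{n} \Rightarrow R_j)$, so $\mathrm{can}^{lo}(A \Rightarrow B \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=1}^{k} \Rightarrow (S_i)_{i=k+1}^{n} \Rightarrow R_j)$ and notice that this is equal to $\mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=1}^{n} \Rightarrow R_j) = \mathrm{can}^{lo}((A \wedge B) \Rightarrow C)$.

• Congruence:

  - Let $A = B$ be a consequence of $A = B$. Trivial case.

  - Let $A = C$ be a consequence of $A = B$ and $B = C$. By the induction hypothesis $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$ and $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(C)$, hence $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(C)$.

  - Let $A \Rightarrow C = B \Rightarrow C$ be a consequence of $A = B$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^{n} S_i)$, and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} R_j)$. Then $\mathrm{can}^{lo}(A \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^{m} (S_i)_{i=1}^{n} \Rightarrow R_j)$. By the induction hypothesis, we have that $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{i=1}^{n} S_i)$, and hence $\mathrm{can}^{lo}(B \Rightarrow C) =$

  - Let $A \wedge C = B \wedge C$ be a consequence of $A = B$. $\mathrm{can}^{lo}(A \wedge C) = \mathrm{can}^{lo}(\mathrm{can}^{lo}(A) \wedge \mathrm{can}^{lo}(C))$, which by the induction hypothesis, is equal to $\mathrm{can}^{lo}(\mathrm{can}^{lo}(B) \wedge \mathrm{can}^{lo}(C)) = \mathrm{can}^{lo}(B \wedge C)$. □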
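
The canonical forms of Definitions 3.1 and 3.6 can be computed mechanically, and Lemma 3.8 then becomes a check that can be run. The following Python code is an added example, not code from the paper: the tuple encoding of types, all function names, and the choice to sort the whole curried argument list of each conjunction-free type (one way of making Definition 3.6 precise) are assumptions of this example.

```python
# Types of the calculus, encoded as nested tuples (encoding chosen for this example):
#   TAU              the base type τ
#   And(A, B)        A ∧ B
#   Arr(A, B)        A ⇒ B
TAU = "τ"

def And(a, b):
    return ("and", a, b)

def Arr(a, b):
    return ("arr", a, b)

# A conjunction-free type S_1 ⇒ ... ⇒ S_n ⇒ τ is stored as the tuple
# (S_1, ..., S_n) of its argument types; τ itself is the empty tuple ().

def can(a):
    """Canonical form of Definition 3.1, as the list of its conjuncts."""
    if a == TAU:
        return [()]
    if not isinstance(a, tuple) or len(a) != 3:
        raise ValueError(f"not a type: {a!r}")
    op, left, right = a
    if op == "and":                       # can(A ∧ B) = can(A) ∧ can(B)
        return can(left) + can(right)
    if op == "arr":                       # ⋀_j (S_i)_{i=1..n} ⇒ R_j
        args = tuple(can(left))
        return [args + r for r in can(right)]
    raise ValueError(f"unknown type constructor: {op!r}")

def show(s):
    """Print a conjunction-free type, parenthesising arrow-typed arguments."""
    parts = [show(x) if x == () else "(" + show(x) + ")" for x in s]
    return "⇒".join(parts + ["τ"])

def qlex(s):
    """Quasi-lexicographic key: length of the printed type, then its text."""
    text = show(s)
    return (len(text), text)

def normalise(s):
    """Assumption of this example: sort the arguments at every depth."""
    return tuple(sorted((normalise(x) for x in s), key=qlex))

def can_lo(a):
    """Ordered canonical form in the spirit of Definition 3.6."""
    return sorted((normalise(s) for s in can(a)), key=qlex)

def show_can(conjuncts):
    """Print a canonical form as a conjunction of conjunction-free types."""
    return " ∧ ".join(show(s) if s == () else "(" + show(s) + ")"
                      for s in conjuncts)

def same_can_lo(a, b):
    """True when two types have the same ordered canonical form."""
    return can_lo(a) == can_lo(b)

if __name__ == "__main__":
    A, B, C = Arr(TAU, TAU), TAU, And(TAU, Arr(TAU, TAU))
    print(show_can(can(Arr(And(B, A), C))))
    print(show_can(can_lo(And(A, B))))
    print(same_can_lo(Arr(And(A, B), C), Arr(A, Arr(B, C))))
```

Types related by the four isomorphisms get the same `can_lo` result, while `A ⇒ B` and `B ⇒ A` do not.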

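Lemma 3.9. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket$.

Proof. Let $\mathrm{can}(A) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$. Hence, $\llbracket \mathrm{can}(A) \rrbracket = \{r \mid \forall i$, if for $j = 1, \dots, m_i$, $s_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{s_i} \in \mathrm{SN}\}$, which, by rule (subst), is equal to $\{r \mid \forall i$, if for $j = 1, \dots, m_i$, $s_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{\mathrm{can}^{lo}((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)}(r)\vec{s_i} \in \mathrm{SN}\} = \llbracket \mathrm{can}^{lo}(A) \rrbracket$. □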

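Corollary 3.10. If $A = B$, then $\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}(B) \rrbracket$.

Proof. By Lemma 3.8, $A = B$ implies $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$, and by Lemma 3.9, $\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket$ for all $A$. Hence,

$\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(B) \rrbracket = \llbracket \mathrm{can}(B) \rrbracket$ □

Lemma 3.11. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket \neq \emptyset$.

Proof. If $\vec{s} \in \mathrm{SN}$, then both $x^A \vec{s}$ and $\pi_B(x^A)\vec{s}$ are in SN, hence for all $A$, $x^A \in \llbracket \mathrm{can}(A) \rrbracket$. □

Lemma 3.12. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket \subseteq \mathrm{SN}$.

Proof. Let $\mathrm{can}(A) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$ and $r \in \llbracket \mathrm{can}(A) \rrbracket$. Assume $r \notin \mathrm{SN}$, then for any $\vec{s}$, $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{s} \notin \mathrm{SN}$. A contradiction. □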

Lemma 3.13. If $r \in \mathrm{SN}$, then $\pi_A(r) \in \mathrm{SN}$.

Proof. We proceed by induction on the sum of the size of $r$ and the sum of the number of steps to reach the normal form by any path starting on $r$. The possible reductions from $\pi_A(r)$ are:

• $\pi_A(r')$, and so the induction hypothesis applies,

• $r'$, with $r' : A$ and either $r \rightleftarrows^* r' + t$ or just $r \rightleftarrows^* r'$. In any case, since $r \in \mathrm{SN}$, then $r' \in \mathrm{SN}$.

• $\pi_{A_1}(r_1) + \pi_{A_2}(r_2)$, with $A = A_1 \wedge A_2$, and $r \rightleftarrows^* r_1 + r_2$. Since $r \in \mathrm{SN}$, then $r_1 \in \mathrm{SN}$ and $r_2 \in \mathrm{SN}$. Hence the induction hypothesis applies.

• $\pi_{A_1}(\pi_A(r)) + \pi_{A_2}(\pi_A(r))$, with $A = A_1 \wedge A_2$, and $r \not\rightleftarrows^* r_1 + r_2$. Hence we cannot reduce the projection in head position, nor $\pi_A$; we must reduce $r$ first. If there is no $r_1 + r_2$ in the path to reach the normal form of $r$, then we are done. Suppose there is $r_1 + r_2$. Then the projection will project either $r_1$ or $r_2$. In any case, since $r \in \mathrm{SN}$, we have $r_1 \in \mathrm{SN}$ and $r_2 \in \mathrm{SN}$. □

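Lemma 3.14. If $r_1 \in \mathrm{SN}$ and $r_2 \in \mathrm{SN}$, then $r_1 + r_2 \in \mathrm{SN}$.

Proof. First we prove the following property: If $r_1 + r_2 \rightleftarrows^* s \hookrightarrow s'$, then there exist $t_1$ and $t_2$ such that $s' \rightleftarrows^* t_1 + t_2$, with either ($r_1 \rightsquigarrow t_1$ and $r_2 \rightsquigarrow t_2$) or ($r_1 \rightsquigarrow t_1$ and $r_2 = t_2$) or ($r_1 = t_1$ and $r_2 \rightsquigarrow t_2$). Once this property is proven, we have that if $r_1 + r_2$ is not in SN, then for each $s$ in the infinite reduction path, $s \rightleftarrows^* t_1 + t_2$ such that either $r_1 \rightsquigarrow t_1$ and $r_2 \rightsquigarrow t_2$, or $r_1 \rightsquigarrow t_1$ and $r_2 = t_2$, or $r_1 = t_1$ and $r_2 \rightsquigarrow t_2$. In any case, at least one of $r_1$ and $r_2$ has an infinite reduction path, which is absurd since $r_1$ and $r_2$ are in SN.

We proceed to prove the needed property.

The possible terms $s \rightleftarrows^* r_1 + r_2$ are:

• $r'_1 + r'_2$ with $r_1 \rightleftarrows^* r'_1$ and $r_2 \rightleftarrows^* r'_2$. This is the trivial case.

• $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.(r'_1 + r'_2)$, with

  $r_1 \rightleftarrows^* \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_1$
  $r_2 \rightleftarrows^* \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_2$

  Then the only possible reduction from this term is

  $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.(r''_1 + r''_2)$

  with ($r'_1 \rightsquigarrow r''_1$ and $r'_2 = r''_2$), or ($r'_1 = r''_1$ and $r'_2 \rightsquigarrow r''_2$).

  In any case, it is equivalent to $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_1 + \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_2$, and notice that either

  $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_1 \rightsquigarrow \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_1$
  $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_2 = \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_2$

  or

  $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_1 = \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_1$
  $\lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r'_2 \rightsquigarrow \lambda x_1^{A_1} \dots \lambda x_n^{A_n}.r''_2$

• $(r'_1 + r'_2)s_1 \dots s_n$, with

  $r_1 \rightleftarrows^* r'_1 s_1 \dots s_n$
  $r_2 \rightleftarrows^* r'_2 s_1 \dots s_n$

  The only possible $\rightsquigarrow$-reductions from this term are:

  - $(r'_1 + r'_2)s_1 \dots s'_i \dots s_n \rightleftarrows^* r'_1 s_1 \dots s'_i \dots s_n + r'_2 s_1 \dots s'_i \dots s_n$

    with $s_i \rightsquigarrow s'_i$. Notice that

    $r'_1 s_1 \dots s_n \rightsquigarrow r'_1 s_1 \dots s'_i \dots s_n$
    $r'_2 s_1 \dots s_n \rightsquigarrow r'_2 s_1 \dots s'_i \dots s_n$

  - $(r''_1 + r''_2)s_1 \dots s_n$

    with either ($r'_1 \rightsquigarrow r''_1$ and $r'_2 = r''_2$), or ($r'_1 = r''_1$ and $r'_2 \rightsquigarrow r''_2$).

    In any case, it is equivalent to $r''_1 s_1 \dots s_n + r''_2 s_1 \dots s_n$, and notice that either

    $r'_1 s_1 \dots s_n \rightsquigarrow r''_1 s_1 \dots s_n$
    $r'_2 s_1 \dots s_n = r''_2 s_1 \dots s_n$

    or

    $r'_1 s_1 \dots s_n = r''_1 s_1 \dots s_n$
    $r'_2 s_1 \dots s_n \rightsquigarrow r''_2 s_1 \dots s_n$

• $\pi_{A_1 \wedge A_2}(r'_1 + r'_2)$, with

  $r_1 \rightleftarrows^* \pi_{A_1}(r'_1)$
  $r_2 \rightleftarrows^* \pi_{A_2}(r'_2)$

  The only possible $\rightsquigarrow$-reductions from this term are:

  - $\pi_{A_1 \wedge A_2}(r''_1 + r''_2)$

    with either ($r'_1 \rightsquigarrow r''_1$ and $r'_2 = r''_2$) or ($r'_1 = r''_1$ and $r'_2 \rightsquigarrow r''_2$).

    Notice that either

    $\pi_{A_2}(r'_2) = \pi_{A_2}(r''_2)$

    or

    $\pi_{A_1}(r'_1) = \pi_{A_1}(r''_1)$
    $\pi_{A_2}(r'_2) \rightsquigarrow \pi_{A_2}(r''_2)$

  - $t_1 + t_2$

    with $r'_1 \rightleftarrows^* t_1 + t'_1$ and $r'_2$
    Notice that

    $\pi_{A_1}(r'_1) \rightsquigarrow t_1$
    $\pi_{A_2}(r'_2) \rightsquigarrow t_2$

    Notice that

    $\pi_{A_2}(r'_2) \rightsquigarrow r'_2$ □
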
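Lemma 3.15. If $r \in \mathrm{SN}$, then $\lambda x^A.r \in \mathrm{SN}$.

Proof. First we prove the following property: If $\lambda x^A.r \rightleftarrows^* s \hookrightarrow s'$, then there exists $t$ such that $s' \rightleftarrows^* \lambda x^A.t$, with $r \rightsquigarrow t$. Once this property is proven, we have that if $\lambda x^A.r$ is not in SN, then for each $s$ in the infinite reduction path, $s \rightleftarrows^* \lambda x^A.t$ such that $r \rightsquigarrow t$, which is absurd since $r \in \mathrm{SN}$.

We proceed to prove the needed property. The possible terms $s \rightleftarrows^* \lambda x^A.r$ are:

• $\lambda x^A.r'$, with $r \rightleftarrows^* r'$. This is the trivial case.

• $\lambda x^A.r_1 + \lambda x^A.r_2$ with $r \rightleftarrows^* r_1 + r_2$.

  The only possible $\rightsquigarrow$-reduction from this term is:

  $\lambda x^A.r'_1 + \lambda x^A.r'_2$

  with ($r_1 \rightsquigarrow r'_1$ and $r_2 = r'_2$) or ($r_1 = r'_1$ and $r_2 \rightsquigarrow r'_2$). In any case, $r_1 + r_2 \rightsquigarrow r'_1 + r'_2$.

• $\pi_{A \Rightarrow B_1}(\pi_{A \Rightarrow B_2}(\dots \pi_{A \Rightarrow B_n}(\lambda x^A.r')))$ with $r \rightleftarrows^* \pi_{B_1}(\pi_{B_2}(\dots \pi_{B_n}(r')))$.

  The only possible $\rightsquigarrow$-reductions from this are:

  - $\pi_{A \Rightarrow B_1}(\pi_{A \Rightarrow B_2}(\dots \pi_{A \Rightarrow B_n}(\lambda x^A.r'')))$, with $r' \rightsquigarrow r''$. Notice that $r \rightsquigarrow \pi_{B_1}(\pi_{B_2}(\dots \pi_{B_n}(r'')))$.

  - $\pi_{A \Rightarrow B'_1}(\pi_{A \Rightarrow B_1}(\pi_{A \Rightarrow B_2}(\dots \pi_{A \Rightarrow B_n}(\lambda x^A.r')))) + \pi_{A \Rightarrow B''_1}(\pi_{A \Rightarrow B_1}(\pi_{A \Rightarrow B_2}(\dots \pi_{A \Rightarrow B_n}(\lambda x^A.r'))))$ with $B_1 = B'_1 \wedge B''_1$.

    Notice that, since $r \not\rightleftarrows^* r_1 + r_2$, otherwise the rule ($\delta$) would not have been applied, we have

    $r \rightsquigarrow \pi_{B'_1}(\pi_{B_1}(\pi_{B_2}(\dots \pi_{B_n}(r'')))) + \pi_{B''_1}(\pi_{B_1}(\pi_{B_2}(\dots \pi_{B_n}(r''))))$ □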

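Lemma 3.16. If $r \in \llbracket \mathrm{can}(A) \rrbracket$ and $s \in \llbracket \mathrm{can}(B) \rrbracket$, then $r + s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$.

Proof. Let $\mathrm{can}(A) = \bigwedge_{i=1}^{k} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$ and $\mathrm{can}(B) = \bigwedge_{i=k+1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$, so $\mathrm{can}(A \wedge B) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$. Then we have that for all $i = 1, \dots, k$, if for $j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{t_i} \in \mathrm{SN}$ and for all $i = k + 1, \dots, n$, if for $j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(s)\vec{t_i} \in \mathrm{SN}$. Therefore, for all $i = 1, \dots, n$, if for $j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, we have $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r + s)\vec{t_i} \in \mathrm{SN}$, so $r + s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$. □

Let $\sigma$ be a term substitution. We write $\sigma r$ for $r$ after the substitution $\sigma$. We say that $\sigma$ is adequate if for all $x^A$, $\sigma(x^A) \in \llbracket \mathrm{can}(A) \rrbracket$.

The following lemma shows that the result of applying any adequate substitution to a term is in the interpretation of the type of that term. This lemma, together with Lemma 3.12, implies that a typed term is strongly normalising (Theorem 3.18).

Lemma 3.17 (Adequacy). If $r : A$ and $\sigma$ adequate, then $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$.

Proof. We proceed by induction on the typing derivation.

• Let $x^A : A$ be a consequence of rule (ax). Since $\sigma$ is adequate, $\sigma(x^A) \in \llbracket \mathrm{can}(A) \rrbracket$.

• Let $r : B$ be a consequence of $r : A$, $A = B$ and rule (=). By the induction hypothesis $\forall \sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$, so by Lemma 3.10, $\sigma r \in \llbracket \mathrm{can}(B) \rrbracket$.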
• Let Xx A .r : A =>■ B be a consequence of r : B and rule (=>i). Let can (A) = 

AILi i r and can(S) = /\J^ =1 (Rjk) h k 3 =1 =>■ r. By the induction 

hypothesis, err G [can(B)J, that is, for all j, if Sjft G [-Rjfe], for fc = 
l,...,hj, then 7r— - — -hj ( crr )s'j G SN. Notice that crAx^.r = Ax' 4 . err. 

We must show that 
AaAcrr G 



that is, we must show that Vj, if for i = 1, . . . , n, tj G 
for k = 1, . . . , /ij, s jfc G \Rjk\, then 



C%i)z=i 



and 



(Ax A .err)tSj G SN 



By Lemma 3.3, A = can(A), so 

(Ax' 4 .crr)ts :) 

_(Ax A "=i^S^ T .crr)ts 3 - 



<=^ 7T-: 



(R 3 k) k J =1 = 



.((Ax 



.err)t)sj 



.((Ax 



.err 



)($>))* 



Since err is in SN, by Lemma 3.15, Ax^.crr G SN, and then by Lemma 3.13, 
h, (Ax" 4 . err) G SN, hence Ax A .7r T 



SN . And since also t, Sj G SN, we can proceed by induction on the sum of 
the number of steps to reach the normal form of each of these terms. The 
possible reductions fired from 7r- 



((S«)rii^) 4=1 =Kii.,- (t ) fc L I ^T 



reducing one of U,Sjk, Xx A .ar or Ax A .7r- 



(Ax .crr)tSj are: 
(err) , then the 



'J* 

induction hypothesis applies, 

^TiT^i ^("E^iW 1 ])^' Then consider a' = a, [£" =1 U/x]. 
By Lemma 3.16, a' is adequate, hence 



(«ifc) fc li= 



^(^E^/^Dsj = 7Tp-)'*£ i ^ T (^i')sj G SN 
using rule ($\delta$). From this term, the only possible reductions are like in the two previous cases (($\delta$) cannot be applied twice). Hence the term is in SN.

Let rs : B be a consequence of r : A => B, s : A and rule (=> e )- Let 
can(A) = AILi ( s ih) h Li => t and can(B) = /\° =1 (Rjk) k Li r > then 

can(A => S) = A™ i (0^)^=1 ^ T Ci =► ( R ik)k=i t. By the induc- 
tion hypothesis, if cr adequate, or G [can(A B)J and crs G [can (A)], 

and for 



that is, for j = 1, . . . , m, if for i = 1, . . . , n, tji G 
k = l,...,pk, u jk G [i?jfc], then 



(ortfjUj G SN 



((^h) h =i=>T)i=i=>-(^*);Li 
Remark that 

n 

2 — 1 

hence since or G [can(A => S)J, by Lemma 3.16, if e I can (^)l; 

then ^rnTT"' TIT " i7F Yi ^(^(EiUfyOfy G SN - Since we have 
as G [can (A) J, we have that tt — — mi r» — — - Pj - (crr)ersu., is 

((■iih) h=1 =^T). = 1 =>(Kj fc ) J . =1 =S>r 

equivalent to tt-tb — _^ ((err)crs)u,- = tttb — _i (c(rs))u,- G SN, and 
so cr(rs) G [can(B)]. 

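• Let $r + s : A \wedge B$ be a consequence of $r : A$, $s : B$ and rule ($\wedge_i$). By the induction hypothesis, $\forall \sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$ and $\sigma s \in \llbracket \mathrm{can}(B) \rrbracket$, hence by Lemma 3.16, $\sigma r + \sigma s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$. Notice that $\sigma r + \sigma s = \sigma(r + s)$.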

Let 7TA(r) : A be a consequence of r : A A B and rule (A e „). By the 
induction hypothesis, Vcr adequate, err G [can (A AS)]. Let can(A) = 

Aj=i 0%)j=!i T and can(B) = A"=fe+i ( S ij)jli => T ) tncn we nave GV G 
Jcan(iAB)] means that Vi, if Vj, sy G [SV,], then 7i"7g-T m i (err)s*i G 
SN. 

We need to prove that 

By Lemma 3.13, it sufhees to prove Tr Ak To-r m i . (crr)si G SN. If k = 1, 

/\i=l \&ij)j=l = ?' T 

then we are done. In other case, we proceed by induction on the sum of the 
number of steps to reach the normal form of err, s, and tt a & (q . (err) 

/\i = l y^ij ) j = l^ T 

(which is in SN by Lemma 3.13). The possible reductions fired from 
7r Af =1 (^)7= 1 i^( t7r )^ are: 

— reducing one of err, s 1 , . . . , s J or n. k i-q-^:^i . (err), then the induc- 

/\i = l ) j = l^ r 

tion hypothesis applies, 

— r'si, with r' : Ai=i (^i)i=i ^ T anc ^ cr = r' + t or just err = r'. 
Since i r^ s ^ ^ >r ( crr )si 7r r (errSi) £ SN which is equal either to 

7r T ((r' + t)s;) G SN, then we have 7r T (r'si +tSi) G SN, or to 7r T (r'si) G 
SN, in any case we can conclude r's^ £ SN. 

($\delta$). From this term, the only possible reductions are like in the two previous cases (($\delta$) cannot be applied twice). Hence the term is in SN.

— Any other reduction involving first using DisT ee -rule, are analogous to 
the previous case. 

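• Let $\pi_A(r) : A$ be a consequence of $r : A$ and rule ($\wedge_{e_1}$). By the induction hypothesis $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$, that is, if $\mathrm{can}(A) = \bigwedge_{i=1}^{n} (S_{ij})_{j=1}^{m_i} \Rightarrow \tau$, for all $i$, if for all $j$, $s_{ij} \in \llbracket \mathrm{can}(S_{ij}) \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(\sigma r)\vec{s_i} \in \mathrm{SN}$. Notice that since $\sigma r : A$, we have $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(\sigma r)\vec{s_i} \rightleftarrows^* \pi_\tau((\sigma r)\vec{s_i})$, hence $(\sigma r)\vec{s_i} \in \mathrm{SN}$, so $\pi_A(\sigma r)\vec{s_i} \in \mathrm{SN}$, which implies $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(\pi_A(\sigma r))\vec{s_i} \in \mathrm{SN}$. □

Now we can prove strong normalisation as a corollary of Lemma 3.17.

Theorem 3.18 (Strong normalisation). If $r : A$, then $r \in \mathrm{SN}$.

Proof. If $r : A$, by Lemma 3.17, for all $\sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$. Take $\sigma$ = identity, and notice that it is adequate (cf. proof of Lemma 3.11), then $\sigma r = r \in \llbracket \mathrm{can}(A) \rrbracket$, which by Lemma 3.12, is in SN. □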

3.2. Characterisation of Typed Closed Normal Forms 

In this section, we give a characterisation of typed closed normal forms 
(Theorem 3.20), for which we need the following auxiliary result. 

Lemma 3.19. If $r : A \wedge B$ and $FV(r) = \emptyset$, then $\pi_A(r)$ reduces using at least one reduction $\pi_n$ (that is, a projection discarding part of the term, in contrast with reduction $\pi_1$, which keeps the whole term).

Proof. We proceed by structural induction on $r$.

• If $r = \lambda x^C.s$ then $A = C \Rightarrow A'$ and $B = C \Rightarrow B'$, with $s : A' \wedge B'$. So, $\pi_{C \Rightarrow A'}(\lambda x^C.s) \rightleftarrows \lambda x^C.\pi_{A'}(s)$, which by the induction hypothesis reduces using at least one $\pi_n$ reduction.

• If $r = r_1 r_2$ then $r_1 : C \Rightarrow (A \wedge B)$, so $\pi_A(r_1 r_2) \rightleftarrows \pi_{C \Rightarrow A}(r_1) r_2$. We conclude with the induction hypothesis.

• If $r = r_1 + r_2$ the cases are:

  - $r_1 : A$ and $r_2 : B$, then $\pi_A(r) \hookrightarrow_{\pi_n} r_1$

  - $r_1 : A \wedge B_1$ and $r_2 : B_2$, with $B = B_1 \wedge B_2$, then, by the induction hypothesis, $\pi_A(r_1)$ reduces using at least one $\pi_n$ reduction, and so $\pi_A(r_1 + r_2)$ does the same.

— ri : A\ A B and r 2 : A 2 A -B, with A = A\ A A 2 , then 7r^(ri + r 2 ) <^ 
7r A 1 AA 2 (i"i+r 2 ) 71"^ (ri)+7ivi 2 (r 2 ), and by the induction hypothesis 
both tta 1 {ti) and 7r J 4 2 (r 2 ) reduce using at least one 7r„ reduction. 

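• If $r = \pi_C(s)$, then $C = A \wedge B$ and $s : A \wedge B \wedge D$, so by the induction hypothesis, $\pi_C(s)$ reduces using at least one $\pi_n$ reduction, hence $\pi_A(\pi_C(s))$ does the same. □

Theorem 3.20 (Characterisation of typed closed normal forms). If $r : A$ and $FV(r) = \mathrm{Red}(r) = \emptyset$, then there exist $A_1, \dots, A_n$, $t_j : B_j$ for $j = 1, \dots, m$ and $C_1, \dots, C_m$, with $n + m \geq 1$ such that $r \rightleftarrows^* \sum_{i=1}^{n} \lambda x^{A_i}.s_i + \sum_{j=1}^{m} (\lambda x^{B_j \wedge C_j}.r_j)t_j$.

Proof. We proceed by structural induction on $r$.

• If $r = \lambda x^A.s$, then we are done.

• If $r = r_1 r_2$, then $r_1 : B \Rightarrow A$, $r_2 : B$. So, by the induction hypothesis $r_1 \rightleftarrows^* \sum_{i=1}^{n} \lambda x^{A_i}.s_i + \sum_{j=1}^{m} (\lambda x^{B_j \wedge C_j}.r_j)t_j$, hence

$$\begin{aligned}
r_1 r_2 &\rightleftarrows^* \Big(\sum_{i=1}^{n} \lambda x^{A_i}.s_i + \sum_{j=1}^{m} (\lambda x^{B_j \wedge C_j}.r_j)t_j\Big) r_2 \\
&\rightleftarrows^* \sum_{i=1}^{n} (\lambda x^{A_i}.s_i) r_2 + \sum_{j=1}^{m} (\lambda x^{B_j \wedge C_j}.r_j) t_j r_2
\end{aligned}$$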

• If r = ri + r 2 , then for j = 1,2, : A^-, so by the induction hypothesis 

Ep m+ i(^ B ^.r J )t J , so r ^* Eti A**.* + Ej=i(Az SjACj -rj)t,-. 

• If $r = \pi_A(s)$, then $s : A \wedge B$; indeed, $s$ cannot have type $A$ because $\mathrm{Red}(\pi_A(s)) = \emptyset$. So, by Lemma 3.19, $\mathrm{Red}(\pi_A(s)) \neq \emptyset$. □

4. Computing with our Calculus 

4.1. Pairs (and lists)

Because the symbol + is associative and commutative, our calculus does not contain the usual notion of pairs. However it is possible to encode a deterministic projection, even if we have more than one term of the same type. An example, although there are various possibilities, is given in the following table:

Standard                  Encoding
$(r, s) : A \wedge A$     $\lambda x^1.r + \lambda x^2.s : 1 \Rightarrow A \wedge 2 \Rightarrow A$
$\pi_1(r, s)$             $\pi_{1 \Rightarrow A}(\lambda x^1.r + \lambda x^2.s)y^1$

where types 1 and 2 are any two different types. This example uses free vari- 
ables, but it is easy to close it, e.g. use Xy.y instead of y in the second line. 

Moreover, this technique is not limited to pairs. Due to the associative nature of +, the encoding can be easily extended to lists.

4.2. A deterministic subsystem

In the previous section we have seen how to encode a pair, transforming the non-deterministic projection into a deterministic one via an encoding. Another possibility is to remove the non-deterministic behaviour of this calculus by dropping the isomorphisms (1) and (2), as well as rules comm and asso. Although such a modification would simplify the calculus (indeed, the projection can be taken as the standard projection), the resulting calculus would still feature distribution of application over conjunction and currification, two interesting features for a language. The former allows a function to be executed only partially, when not all its results are needed. The latter can also be used to optimise programs when there are multiple calls to the same function, but one of its arguments is fixed.

4.3. Booleans

Example 2.8 on booleans actually overlooks an interesting fact: If $A = B$, then both T and F behave as non-deterministic projectors. Indeed, $\mathbf{T}rs \rightsquigarrow^* r$, but also $(\lambda x^A.\lambda y^B.x)rs \rightleftarrows (\lambda x^A.\lambda y^A.x)rs \rightleftarrows (\lambda x^A.\lambda y^A.x)(r + s) \rightleftarrows (\lambda x^A.\lambda y^A.x)(s + r) \rightleftarrows (\lambda x^A.\lambda y^A.x)sr \rightsquigarrow^* s$.

Similarly, $\mathbf{F}rs \rightsquigarrow^* s$ and also $\mathbf{F}rs \rightsquigarrow^* r$. Hence, $A \Rightarrow A \Rightarrow A$ is not suitable to encode the type Bool. The type $A \Rightarrow A \Rightarrow A$ has only one term in the underlying equational theory.

Fortunately, there are ways to construct types with more than one term. First, let us define the following notation. For any $t$, let us write $[t]^A$, the canon of $t$, that is, the term $\lambda z^A.t$, where $z^A$ is a fresh variable not appearing in $t$.
Also, for any term t of type A =>- B, we write {t} A ^~ B , the cocanon, which is 
the inverse operation, that is, {[t]" 4 }" 4 ^'' 8 = t for any t : B. For the cocanon 
it suffices to take {t} A ^ B = tXx A .y B . Therefore, the type ((A =>■ A) => B) => 
B => B has the following two different terms: tt := Xx B .Xy^ A ^ A '^ B .x and 
ff := Xx( A=>A ^ B .Xy B .{x} A ^ A . Hence, it is possible to encode an if-then-else 
conditional expression in the following way: If c then r else s := cr[s] A= *" A . So, 
ttr[s] A=M r, while Wr[s} A ^ A ^* «[s} A ^ A r {[s] A ^ A } A ^ s. 

5. Conclusions, Discussions and Future Work 

In this paper we defined a proof system for propositional logic with an as- 
sociative and commutative conjunction, and a distributive implication with re- 
spect to it, where equivalent propositions get the same proofs. 






5.1. Related Work 

5.1.1. Relation with other non-deterministic calculi

As a consequence of the commutativity of conjunction, the projection in our calculus is not position-oriented but type-oriented, which entails a non-deterministic projection where if a proposition has two possible proofs, the projection of its conjunction can output any of them. For example, if $r$ and $s$ are two possible proofs of $A$, then $\pi_A(r + s)$ will output either $r$ or $s$.

In several works (cf. [22, §3.4] for a survey), the non-determinism is modelled by two operators: The first is normally written +, and instead of distributing over application, it actually makes the non-deterministic choice. Hence $(r + s)t$ reduces either to $rt$ or to $st$ [10]. The second one, denoted by $\parallel$, does not make the choice, and therefore $(r \parallel s)t$ reduces to $rt \parallel st$ [11]. One way to interpret these operators is that the first one is a non-deterministic one, while the second is the parallel composition. Another common interpretation is that + is a may-convergent non-deterministic operator, where type systems ensure that at least one branch converges (i.e. terminates), while $\parallel$ is a must-convergent non-deterministic operator, where both branches are meant to converge [8, 10, 11, 16]. In our setting, the + operator behaves like $\parallel$, and an extra operator ($\pi_A$) induces the non-deterministic choice. The main point is that this construction arose naturally as a consequence of considering the isomorphisms between types as an equivalence relation. Our type system ensures the termination of all the branches (Theorem 3.18), therefore ensuring must-convergence.

5.1.2. Relation with the selective λ-calculus

In a work by Garrigue and Aït-Kaci [20], only the isomorphism

$A \Rightarrow (B \Rightarrow C) = B \Rightarrow (A \Rightarrow C)$    (5)

has been treated, which is complete with respect to the function type. Our contribution with respect to this work is that we also consider the conjunction, and hence four isomorphisms. Notice that isomorphism (5), in our setting, is a consequence of currification and commutation, that is $A \wedge B = B \wedge A$ and $(A \wedge B) \Rightarrow C = A \Rightarrow B \Rightarrow C$.

Their proposal is the selective λ-calculus, a calculus including labellings to identify which argument is being used at each time. Moreover, by considering the Church encoding of pairs, isomorphism (5) implies isomorphism (1) (commutativity of $\wedge$). However their proposal is different to ours. In particular, we track the term by its type, which is a kind of labelling, but when two terms have the same type, then we leave the system to non-deterministically choose any proof. One of our main novelties is, indeed, the non-deterministic projector. However, we can also get back determinism, by encoding a labelling, as discussed in Section 4, or by dropping some of the isomorphisms (namely, associativity and commutativity of conjunction).

5.2. Future Work

5.2.1. Adding more connectives

A subtle question is how to add a neutral element of the conjunction, which will imply more isomorphisms, e.g. $A \wedge \top = A$, $A \Rightarrow \top = \top$ and $\top \Rightarrow A = A$. Notice that within our system, $\top \Rightarrow \top = \top$ would make it possible to derive $(\lambda x^\top.xx)(\lambda x^\top.xx) : \top$, however this term is not the classical $\Omega$, it is typed by $\top$, and imposing some restrictions on the beta reduction, it could be forced not to reduce to itself but to discard its argument. For example: "If $A = \top$, then $(\lambda x^A.r)s \hookrightarrow \lambda x^A.r$, in other case, do the standard beta-reduction".

5.2.2. Probabilistic and quantum computing 

A second line is the probabilistic interpretation of the non-determinism in our 
calculus. In [15] a probability space over the set of non-deterministic execution 
traces is defined. This way, our calculus is transformed into a probabilistic calcu- 
lus instead of just a non-deterministic one, providing an alternative way for more 
complex constructions. Moreover, the original motivation behind the linear al- 
gebraic extension of lambda calculus [4] and its vectorial type system [2] was to 
encode quantum computing on it by considering not only non-deterministic su- 
perpositions, but formal linear combinations of terms. A projection depending 
on scalars could lead to a measurement operator in a future design. This is a 
promising future direction we are willing to take. 